[DO NOT MERGE] Add Tutorials Audit Framework #3815

Draft
sekyondaMeta wants to merge 2 commits into main from hybrid-deprecation-scanner

@sekyondaMeta
Contributor

Automated audit framework for PyTorch tutorial content health. Scheduled monthly via GitHub Actions (Stage 1: deterministic script-based audits) with optional Claude Code semantic analysis (Stage 2).

Audit passes:

  • Build log warnings: extract DeprecationWarning/FutureWarning from CI logs
  • Changelog diff: cross-reference PyTorch release notes against tutorials
  • Orphaned tutorials: detect invisible tutorials, broken cards, NOT_RUN accountability
  • Security patterns: torch.load without weights_only, eval(), non-HTTPS URLs
  • Staleness check: tutorials-review-data.json freshness analysis
  • Dependency health: import vs requirements.txt mismatches
  • Template compliance: author attribution, grid cards, conclusion sections
  • Index consistency: tag typos, missing thumbnails, redirect chains
  • Build health: metadata.json coverage, shard imbalance, NOT_RUN growth

Security:

  • Content sanitization (HTML comments, @mentions, script tags, truncation)
  • Claude skill with 6 mandatory guardrails (no PR actions, no file modifications)
  • Safe AST-based parsing of redirects.py (no exec())
  • Streaming zip download for build logs (no full memory load)
  • Action versions pinned to SHA hashes

Config-driven for cross-repo adoption. Only config.yml differs per repo. Trend tracking via previous closed audit issue (no contents:write needed). 68 pytest tests covering security boundary and all audit passes.
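
An added sketch of the "Security patterns" pass listed above, not code from this PR: it walks a tutorial's AST and reports `torch.load` calls that do not pass `weights_only=True`, bare `eval()` calls, and `http://` URLs in string literals. The function names, finding codes and sample source are assumptions made for illustration.

```python
import ast
import re

HTTP_URL = re.compile(r"http://[^\s'\"<>)]+")

# Constructed sample tutorial source; it is parsed, never executed.
SAMPLE = '''\
import torch
model = torch.load("model.pt")
state = torch.load("state.pt", weights_only=True)
model.eval()
value = eval(user_expr)
DATA = "http://example.com/data.zip"
'''

def _call_name(func):
    """Return a dotted name such as 'torch.load', or None for dynamic callees."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None

def _weights_only_is_true(call):
    # Only a literal True counts; a missing, False or computed value is reported.
    for kw in call.keywords:
        if kw.arg == "weights_only":
            return isinstance(kw.value, ast.Constant) and kw.value.value is True
    return False

def scan_source(source, filename="<tutorial>"):
    """Return sorted (line, code, detail) findings; aliased imports are not resolved."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):
            name = _call_name(node.func)
            if name == "torch.load" and not _weights_only_is_true(node):
                findings.append((node.lineno, "torch-load-unsafe", "weights_only is not True"))
            elif name == "eval":  # model.eval() resolves to 'model.eval', so it is skipped
                findings.append((node.lineno, "eval-call", "built-in eval()"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in HTTP_URL.findall(node.value):
                findings.append((node.lineno, "non-https-url", url))
    return sorted(findings)
```

Matching on the resolved callee name rather than the text `eval(` is what keeps the ubiquitous `model.eval()` call out of the report; URLs that appear only in comments are not seen by the AST and would need a separate text pass.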
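
An added sketch of "Safe AST-based parsing of redirects.py (no exec())", together with the redirect-chain check from the index-consistency pass; it is not code from this PR. It assumes the file binds a top-level `redirects` dict of string paths, and the helper names and sample content are constructed for illustration.

```python
import ast

# Constructed sample; the last statement would abort the process under exec().
SAMPLE = '''\
redirects = {
    "old/a.html": "mid/b.html",
    "mid/b.html": "new/c.html",
}
raise SystemExit("this statement is parsed but never run")
'''

def load_redirects(source, var_name="redirects"):
    """Return the dict literal bound to var_name without executing the module."""
    for node in ast.parse(source).body:  # top-level statements only
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if not any(isinstance(t, ast.Name) and t.id == var_name for t in targets):
            continue
        try:
            # literal_eval accepts only literals: calls, names and attribute
            # access inside the dict raise ValueError instead of running.
            data = ast.literal_eval(value)
        except ValueError as exc:
            raise ValueError(f"{var_name} is not a plain literal (line {node.lineno})") from exc
        if not isinstance(data, dict) or not all(
            isinstance(k, str) and isinstance(v, str) for k, v in data.items()
        ):
            raise ValueError(f"{var_name} must be a dict of str -> str")
        return data
    raise ValueError(f"no top-level assignment to {var_name!r}")

def redirect_chains(redirects):
    """Return sources whose target is itself redirected (a chain or a loop)."""
    return sorted(src for src, dst in redirects.items() if dst in redirects)
```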

@pytorch-bot

pytorch-bot Bot commented Apr 2, 2026

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/tutorials/3815

Note: Links to docs will display an error until the docs builds have been completed.

✅ No Failures

As of commit 37bae8c with merge base cc4874c (image):
💚 Looks good so far! There are no failures yet. 💚

This comment was automatically generated by Dr. CI and updates every 15 minutes.

@meta-cla meta-cla Bot added the cla signed label Apr 2, 2026
@sekyondaMeta sekyondaMeta added skip-link-check Will allow you to skip linkcheck on a PR. Should only should be used when a link can't be fixed. build automation tutorials_audit used on tutorial audit PRs labels Apr 2, 2026
@meta-cla

meta-cla Bot commented May 20, 2026

Hi @sekyondaMeta!

Thank you for your pull request.

We require contributors to sign our Contributor License Agreement, and yours needs attention.

You currently have a record in our system, but the CLA is no longer valid, and will need to be resubmitted.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!
